Social Networking Information Security

Need for a specific Information Security Policy for the use of Social Networking


Transcript

  • 1. Social Networking: Need for an Information Security Policy
     Bernardo Ramos, February 8th 2010
  • 2. Index
     ● Social Networking: A new standard for interpersonal communication:
       – Personal
       – Professional
     ● It is here to stay
     ● Social Networking and Security
       – Old threats on a new support
       – New specific threats
     February 8th 2010, Social Networks - Information Security
  • 3. Social Networking: A new standard for interpersonal communication
     ● Social Networking is not just Facebook and Twitter. It is a composite set of:
       – Blogging (WordPress / Blogger)
       – Microblogging (Twitter)
       – Tumble-logging, Link-logging (http://fr.wikipedia.org/wiki/Tumblelog) (Tumblr, Delicious)
       – Open Social Networks (Facebook, Myspace, Tuenti, Renren)
       – Professional Social Networks (LinkedIn, Viadeo)
       – Private/dedicated Social Networks (Ning)
       – Photo and Video sharing (Flickr, YouTube)
       – Slide Sharing (Slideshare)
       – Document Sharing (Google Docs)
       – Music lists sharing (Spotify, Blip.fm)
     Complemented and integrated with:
       – E-mail
       – Chat
  • 4. Social Networking: A new standard for interpersonal communication
     Personal use
     Professional use
     Closely linked to mobile communication
  • 5. Social Networking is here to stay
     Think of many other previous innovations:
     1960
     ● Telephone
     1970
     ● Computer Terminal
     1980
     ● Personal Computer
     ● Mail
     1990
     ● Forums and Groupwares
     ● Internet
     2000
     ● Collaborative web and IM
     ● Social Networking
     2010
  • 6. Social Networking and Security
     ● Social Networking provides support for already existing threats:
       – Phishing
       – Social Engineering
       – Spam
       – Data Leakage
       – Malware infections
  • 7. Social Networking and Security
     ● Social Networks present new threats or extended support for existing ones (data loss, identity theft, password theft, etc.):
       ● Shortened URLs (Twitter)
       ● Complementary applications (Facebook)
       ● Unawareness of who is reading you, combined with sharing a lot of personal information:
         – Travelling details
         – What you are working on
         – Identity information
         – Etc.
  • 8. Social Networking and Security
     ● Besides the associated Information Security threats, Social Networking represents a risk since its intensive use could:
       – Overwhelm telecommunications resources
       – Reduce employee productivity
  • 9. Security Policy for Social Networking
     ● The social networking boom shows no sign of stopping.
     ● For young incoming employees it is part of their everyday life.
     ● Social networking sites are now a vital part of many marketing and sales strategies.
     ● Many companies are planning to use social networking internally.
     Therefore:
     ● They cannot be blocked
     ● But they cannot be allowed to:
       – drain company resources, or
       – be used as vectors for data loss or malware penetration
  • 10. Security Policy for Social Networking
     A specific Social Networking Security Policy is needed to provide:
     ● Granular access control
     ● Secure encryption
     ● Data monitoring
     ● Comprehensive malware protection
     And, most important of all:
     ● User awareness
  • 11. Security Policy for Social Networking
     ● Starting from existing policies:
       – User charter for the use of Information and Telecommunication resources
       – Basic security recommendations
       – Internet access best practices
       – Etc.
     ● Additional awareness communication specific to Social Networking:
       – How to adjust your settings to protect your identity
       – Use of additional applications integrated in Social Networks
       – Share only what really belongs to you
       – Use chat only with verified, known people
       – Do not chase the largest number of connections
       – Do not mix personal and professional
       – Be very restrictive and careful when sharing your company's activities
       – Do not use the same password everywhere (good password tips)
       – Do not click quickly, and do not click on everything
       – Remember that you can endanger others
  • 12. Security Policy for Social Networking
     ● New restrictions and controls specific to Social Networking:
       – Access-hour restrictions? (Difficult, and only for productivity reasons)
       – Individual high-volume traffic alerts
       – Classification of sensitive information
       – Encryption of highly sensitive data
       – Granular monitoring of Internet traffic
       – Identification of specific dangerous sites or tools, and restriction of their use
       – Regulation of the use of the company name and information
       – Specific restrictions for each social media site and tool (per user, per hour, etc.), using latest-generation firewalls
       – Etc.
  • 13. Security Policy for Social Networking
     ● Can we forbid Social Networking? Should we do that?
     It is not a good idea, because most of the risks will still be there:
     ● People will use it at work anyway with their personal mobile devices
     ● People will still use it at home